kerberos 5.0 and apache 1.3.34

Richard E. Silverman res at qoxp.net
Fri Mar 17 00:10:55 EST 2006


>>>>> "AA" == abbas attarwala <abbas.attarwala at gmail.com> writes:

    AA> Hello, I have apache 1.3.34 running on a ubuntu linux box. I want
    AA> my webserver to authenticate users through kerberos.

    AA> my kerberos, i think is correctly set up. I can use kinit and
    AA> klist.

    AA> my questions are:

    AA> 1) What exactly do i need to change in the httpd.conf file?  my
    AA> website resides under /var/www and i want all the contents under
    AA> /var/www to be protected.

    AA> 2) I got the libapache_mod_auth_kerb package through
    AA> synaptics(ubuntu) and apache loads it just fine. BUT, when go on a
    AA> different machine and try to access the website, i can see the
    AA> dialog box with user name and password open, but when i enter my
    AA> credentials, the box just keeps on popping up and does not seem to
    AA> authenticate.

    AA> what am i doing wrong?

Since you haven't debugged enough to find out why it's doing that, there
are too many possiblities to cover.  Look at the KDC log, the Apache error
log, the DNS and HTTP traffic.  Find out what it's doing before trying to
fix it.

At least, you must have an HTTP/<fqdn>@REALM principal and its key in the
keytab referenced below, and that file readable by the Apache process.

  <directory /var/www>
    AuthType Kerberos
    AuthName "Our Secure Space"
    KrbMethodNegotiate on
    KrbServiceName HTTP
    Krb5Keytab /path/to/my/keytab
    require valid-user
  </directory>

-- 
  Richard Silverman
  res at qoxp.net




More information about the Kerberos mailing list